CVE-2010-1136

Sažetak

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

Reference

http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://osvdb.org/62801
http://secunia.com/advisories/38882
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
http://www.securityfocus.com/bid/38608
https://exchange.xforce.ibmcloud.com/vulnerabilities/56771

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

27-03-2010 - 19:07